Monitor Security Blacklist

When capturing event context, Zend Monitor will save the values of all PHP super-globals (POST, GET, SESSION etc.) in the event database, and will present these values in event reports. Sometimes, it is unwise to store and present some values - for example, passwords or credit card numbers and other private information.

Zend Monitor allows you to filter out some super-global values by black-listing their keys in the Zend Monitor Security Blacklist. Filtered values will not be stored in the events database and will not be included in event reports (details) - instead, the string "<BLOCKED_VALUE>" will be presented.

Why Configure Security Settings?

The primary reason for securing information is to prevent the storage, handling and distribution of sensitive information such as user names, passwords and credit card numbers. This information is collected as part of the Zend Server diagnostic process. However, in most cases the context, and not the value, is important to understanding why the Event occurred. Therefore, sensitive information can be omitted from the Event Detail collection process.

An additional reason for using the Security Blacklist is to prevent inadvertently sending sensitive information by e-mail when using the Event Action option that automatically sends Event Details via email.

Black-listing sensitive information may be required in order to conform with some security standards such as PCI Certification.

 

This procedure describes how to manually define a blacklist of keys that should not be collected, stored or displayed in Event reports.

 

 


To manually define a security Blacklist:

  1. In Zend Server, go to Server Setup | Components.
  2. Locate the Zend Monitor component in the table and click on the Directives link.
    This will guide you directly to the directives related to this component in Server Setup | Directives.
  3. Locate the directive zend_monitor.security_black_list.
  4. Add as a value any keys that should be blocked, separated by commas.
  5. Click "Save Changes".
  6. Restart PHP by clicking the Restart PHP button.

The value of each key that you added to the list will now be replaced by '<BLOCKED_VALUE>'.

 

Usage Example


For example, to blacklist HTTP passwords passed to PHP by the web server through the $_SERVER['PHP_AUTH_PW'] super-global variable, add the key as follows:

zend_monitor.security_black_list=PHP_AUTH_PW

Any subsequent keys added would be added using a comma to separate them as follows:

zend_monitor.security_black_list=PHP_AUTH_PW,cc_number,secret_token

Please note that if the same key exists in several super-globals (for example, if "cc_number" exists in both $_POST and $_SERVER) it will be removed from all of them. You can configure the list of super-global variables you want to secure using this feature by setting the value of the zend_monitor.super_globals_to_secure directive.
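The following sketch models the masking rules described above so you can check what a given blacklist would hide in a captured request. It is an added example, not Zend Monitor's own code: the function names, the sample context, the contents of $secured, and the assumption of case-sensitive matching on top-level keys only are all illustrative.

```php
<?php
// Added illustration: models the masking behaviour described on this page.
// It is not Zend Monitor's code; exact, case-sensitive key comparison and
// top-level-only filtering are assumptions.

const BLOCKED = '<BLOCKED_VALUE>';

/** Split a comma-separated directive value into a trimmed list of keys. */
function parse_list(string $directive): array
{
    $keys = array_map('trim', explode(',', $directive));
    return array_values(array_filter($keys, fn($k) => $k !== ''));
}

/**
 * Return a copy of the captured context with blacklisted keys masked in
 * every super-global named in $secured; other super-globals are untouched.
 */
function mask_context(array $context, array $blacklist, array $secured): array
{
    foreach ($context as $name => $values) {
        if (!in_array($name, $secured, true)) {
            continue; // this super-global is not covered by the filter
        }
        foreach ($values as $key => $_) {
            if (in_array((string) $key, $blacklist, true)) {
                $context[$name][$key] = BLOCKED;
            }
        }
    }
    return $context;
}

// Constructed sample request context (not real data).
$context = [
    '_POST'   => ['cc_number' => '4111111111111111', 'amount' => '19.99'],
    '_SERVER' => ['PHP_AUTH_PW' => 'example-pw', 'cc_number' => '4111111111111111',
                  'REQUEST_URI' => '/checkout'],
    '_GET'    => ['secret_token' => 'abc123', 'page' => '2'],
];

$blacklist = parse_list('PHP_AUTH_PW,cc_number,secret_token');
// Hypothetical stand-in for the super-globals named in super_globals_to_secure.
$secured = ['_POST', '_SERVER'];

print_r(mask_context($context, $blacklist, $secured));
```

In this model, cc_number is masked in both _POST and _SERVER, while secret_token in _GET is left in clear text because _GET is not in the secured list, which is why the two directives should be reviewed together.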

 

 

Related Links


Monitor  

Events

Event Details